If you built your app with Cursor, Replit, Bolt, or any other AI coding tool, there's something you need to know before you hit “Submit for Review”: Apple is actively rejecting and removing vibe-coded apps from the App Store.
This isn't speculation. In March 2026, Apple blocked updates for Replit and Vibecode, pulled the popular “Anything” app entirely, and triggered a lawsuit from a developer claiming Apple is withholding over $500,000 in revenue.[1] The crackdown is real, it's escalating, and it's catching thousands of indie developers off guard.
But here's what most coverage misses: Apple isn't banning AI-assisted development. The company already integrates OpenAI and Anthropic into Xcode. What Apple is targeting is a specific technical pattern that many vibe coding platforms use — and once you understand the distinction, you can still get your AI-built app approved.
This guide breaks down exactly why apps are getting rejected, which guidelines you're likely violating, and the concrete steps to ship your vibe-coded app without triggering Apple's enforcement. If you're already past the build phase and need help optimizing your listing, our ASO checklist covers everything from keywords to screenshots.
What Is Vibe Coding (And Why Apple Cares)
The term “vibe coding” was coined by Andrej Karpathy, co-founder of OpenAI, in February 2025. He described it as a style “where you fully give in to the vibes, embrace exponentials, and forget that the code even exists.” It became Collins English Dictionary's Word of the Year and was added to Merriam-Webster as a trending term by March 2025.[2]
In practice, vibe coding means using AI tools like Cursor, Lovable, Bolt, Replit, or v0 to generate entire applications from natural language prompts. Instead of writing Swift or Kotlin line by line, developers describe what they want and let the AI build it. The result: anyone can ship a functional app in days instead of months.
The explosion has been staggering. App Store submissions jumped 84% in a single quarter as vibe coding went mainstream.[3] New iOS app launches spiked 56% year-on-year in December 2025, followed by a 54.8% rise in January 2026. Apple processed approximately 200,000 weekly submissions at peak volume — and review times ballooned from the typical 24–48 hours to 7–30+ days.
That surge is exactly why Apple started paying attention. More submissions mean more low-quality apps slipping through review, more security vulnerabilities reaching users, and more strain on an already overwhelmed review team.
The Timeline: How Apple's Crackdown Unfolded
Understanding the timeline helps you see where Apple's enforcement is heading — and how to stay ahead of it.
- December 2025: Apple quietly blocks updates for the “Anything” app, a vibe coding platform by developer Dhruv Amin.
- March 18, 2026: The Information reports that Apple has silently blocked updates for Replit and Vibecode. Apple tells the publication that “certain vibe coding features breach long-standing App Store rules.” MacRumors, 9to5Mac, and Apple Insider all cover the story.[4]
- March 30, 2026: Apple pulls “Anything” entirely from the App Store after the developer submits an update that opens generated content in a browser instead of in-app.[5]
- March 31, 2026: CNBC publishes a column arguing Apple's crackdown “puts it on the wrong side of history.”
- April 3–4, 2026: Ex-Human, a San Francisco AI startup, sues Apple over the removal of its apps Botify (~$330K/month revenue) and Photify AI (~$100K/month revenue), seeking an injunction and claiming Apple is withholding $500,000 in revenue.[6]
Which Apps Got Hit — And Which Didn't
Not all vibe coding tools are treated equally. The distinction matters for your strategy.
Blocked or Removed
- Anything (by Dhruv Amin) — Pulled entirely. Generated and executed code within the app.
- Replit — Updates blocked. Must open generated apps in external browsers, not embedded web views. Dropped from #1 to #3 in free developer tools rankings.
- Vibecode — Updates blocked. Required to remove the ability to generate software for Apple platforms.
- Botify & Photify AI (by Ex-Human) — Removed. Developer is now suing Apple.
Not Affected
- Lovable, Bolt, Base44, v0 — These produce web applications (React, Next.js, Vite), not native iOS binaries. They don't submit to the App Store, so Apple's guidelines don't apply.
- Cursor — A desktop IDE that helps developers write code. The output is traditional source code that compiles normally. No conflict with App Store rules.
The pattern is clear: Apple's issue is with apps that generate and execute unreviewed code at runtime, not with apps that were built using AI tools.
The 4 Guidelines That Kill Vibe-Coded Apps
Apple doesn't have a “no vibe coding” rule. In fact, Apple told MacRumors it “does not have any rules specifically against vibe coding apps.” Instead, it enforces existing guidelines that many AI-built apps inadvertently violate.[7]
Guideline 2.5.2 — No Dynamic Code Execution
This is the big one. It states: “Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app.”[8]
Vibe coding platforms that generate and run code within the app create what Apple calls an “audit gap” — functionality that exists after review but wasn't present during review. That's the core violation.
Guideline 4.2 — Minimum Functionality
Apps must provide sufficient native functionality. Thin wrappers around websites get rejected. Many vibe-coded apps are essentially web views displaying remotely generated content — that's a 4.2 violation. This guideline has historically rejected more apps than any guideline except 2.1 (App Completeness).
Guideline 4.3 — Spam
Apps created from “commercialized templates or app generation services” are rejected unless submitted directly by the content provider. Apple's automated systems detect duplicate code structures. If hundreds of apps are generated from the same AI platform, they start looking identical to Apple's review tools.
Section 3.3.1(B) — Interpreted Code Limits
Downloaded interpreted code must not “change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application.” This catches apps that morph their functionality after passing review.
The Security Problem Apple Won't Ignore
Beyond guideline violations, there's a legitimate security concern driving Apple's enforcement — and the data backs it up.
- 45% of AI-generated code contains security flaws, according to Veracode's 2025 GenAI Code Security Report[9]
- AI-generated code contains 2.74x more vulnerabilities than human-written code
- Stanford research found that developers using AI assistants wrote significantly less secure code while being more confident it was secure[10]
- An audit of Lovable-built apps found 170+ out of 1,645 scanned apps had completely exposed databases with no Row Level Security. One app exposed 18,697 user records.[11]
Common vulnerabilities in vibe-coded apps include exposed API keys, missing input validation, no authentication checks, unencrypted data storage, and hardcoded credentials. These aren't theoretical risks — they're being exploited in production.
This is why a human code review before submission isn't optional anymore. It's a survival requirement.
How to Get Your AI-Built App Approved: 10-Step Checklist
Apple's position is nuanced: AI-assisted development is fine; unreviewed runtime code execution is not. Here's how to land on the right side of that line.
1. Build Native, Not Web Wrappers
Choose tools that compile to native iOS binaries (IPA files), not tools that wrap web views displaying remotely generated content. If your app is essentially a browser pointed at a URL, it will be rejected under Guideline 4.2. React Native and Flutter both compile to native code and are safe choices.
2. No Dynamic Code Execution
Your app must not download, generate, or execute code after it passes Apple's review. All functionality should be present in the submitted binary. If your app needs to update behavior, use server-driven configuration (feature flags, remote config) rather than code injection.
3. Human Code Review Every Line
With 45% of AI-generated code containing vulnerabilities, automated generation without review is a liability. Have an experienced developer audit all AI-generated code for security holes, edge cases, and quality. This isn't just for Apple — it protects your users.
4. Fix Security Vulnerabilities Before Submission
Audit for the most common AI code issues: exposed API keys, missing input validation, authentication bypass, unencrypted storage, and hardcoded credentials. Run static analysis tools (SonarQube, Snyk) on your codebase before submitting.
5. Test on Real Devices
AI-generated code often works in simulators but breaks on real hardware. Test on multiple devices (iPhone SE, iPhone 16 Pro Max, iPad). Use TestFlight with external testers before submitting to App Review. Apple notices when apps crash on common devices.
6. Ensure Meaningful Differentiation
Generic AI output will not pass Guideline 4.3. Your app needs unique features, thoughtful design, and substantive functionality beyond a minimal scaffold. Invest time in UI polish, custom interactions, and features that clearly distinguish your app from others built on the same AI platform.
7. Complete Your Metadata and Screenshots
Incomplete metadata is the easiest way to trigger a rejection for App Completeness (Guideline 2.1). Write compelling titles and descriptions with relevant keywords, create professional screenshots for all required device sizes, include a privacy policy URL, and clearly explain any required permissions. If you need help, AI-powered metadata generation can create optimized listings in seconds.
8. Optimize for Discovery
Getting approved is only half the battle. With over 2 million apps in the App Store, you also need to be found. Research keywords your target users actually search for, localize your listing into multiple languages to reach international markets, and create screenshots that communicate your app's value at a glance. Our guide to keywords that convert and metadata translation tools can help you reach users in 40+ languages.
9. Provide Demo Credentials
If your app requires login, include a demo account in the App Review Notes field. Reviewers can't test what they can't access. This is a surprisingly common reason for rejection — don't skip it.
10. Consider Progressive Web Apps as a Fallback
If your app's core functionality requires dynamic code generation that can't be removed, consider shipping as a Progressive Web App (PWA) instead. PWAs bypass App Store gatekeeping entirely, work on all platforms, and can still be installed on home screens. It's a pragmatic alternative while the regulatory landscape evolves.
What This Means for the Vibe Coding Market
The vibe coding market was valued at $3.9 billion in 2024 and is projected to reach $37 billion by 2032. Cursor alone has a $29.3 billion valuation with $2 billion in annualized revenue. Lovable sits at $6.6 billion. These aren't fringe tools — they're reshaping how software gets built.
Apple's crackdown won't kill vibe coding. It will split the ecosystem into two tracks:
- Build tools (Cursor, Lovable, Bolt, v0) that help developers write traditional source code. These are completely safe and will continue growing.
- Runtime platforms (Replit's mobile app, Vibecode, Anything) that generate and execute code inside the app. These will need to fundamentally redesign their architecture or face removal.
For indie developers and vibe coders, the takeaway is straightforward: use AI to write your code, then compile and submit it like any other app. The tools you use to build don't matter — what matters is what ends up in the binary Apple reviews.
The Real Opportunity for Vibe Coders
Here's what most vibe coders miss: building the app is the easy part. The hard part is getting people to find it.
With 2 million apps in the App Store and 70% of installs coming from search, your listing's metadata, keywords, and screenshots are what determine whether anyone ever sees your app.[12] Most vibe coders ship with placeholder descriptions, no keyword research, and generic screenshots — then wonder why downloads flatline.
This is where App Store Optimization makes the difference. Whether you build your app in 2 days with Cursor or 6 months with a team, the ASO fundamentals are the same:
- Keyword research — Find what your users actually search for, not what you think they search for. Start with our keyword selection guide.
- Metadata optimization — Generate optimized titles, descriptions, and keywords that match search intent.
- Localization — Translate your metadata into 40+ languages to reach users worldwide. This is the single highest-leverage growth action for indie developers.
- Screenshots — Create professional app store screenshots that communicate your value proposition in seconds.
The vibe coders who succeed won't be the ones with the most features. They'll be the ones who get discovered. If you're ready to launch, our complete publishing guide walks you through the entire process from build to live.
Frequently Asked Questions
Why is Apple rejecting vibe-coded apps?
Apple is enforcing Guideline 2.5.2, which prohibits apps from downloading, installing, or executing code that changes features or functionality after review. Vibe coding platforms that generate and run code at runtime create an “audit gap” that bypasses Apple's review process. Apple has stated it does not have rules specifically targeting vibe coding — it's enforcing existing guidelines that these apps happen to violate.
Can I still publish an app built with AI coding tools?
Yes. Apple permits AI-assisted development and already integrates AI into Xcode. The key distinction is between using AI to help write source code (acceptable) and apps that generate and execute unreviewed code at runtime (not acceptable). If your AI-built app compiles to a native binary and doesn't execute dynamic code post-review, it can be approved.
Which vibe coding apps has Apple blocked or removed?
As of April 2026, Apple has blocked updates for Replit and Vibecode and pulled the Anything app entirely. Ex-Human's Botify and Photify AI were also removed, leading to a lawsuit. Web-based builders like Lovable, Bolt, Base44, and v0 are unaffected because they produce web applications, not native iOS binaries submitted to the App Store.
What is Apple Guideline 2.5.2?
Guideline 2.5.2 states that apps must be self-contained in their bundles and may not download, install, or execute code that introduces or changes features or functionality. This is the primary guideline Apple cites when rejecting vibe coding apps. The intent is to prevent apps from acquiring new capabilities that weren't present during the review process.
Is Google Play also cracking down on vibe-coded apps?
As of April 2026, Google Play has not implemented a similar crackdown. Google's policies focus more on content quality and user safety than on development tools. However, many of the same quality and security concerns apply regardless of platform. Following the best practices in this guide will help your app succeed on both stores.
How long does App Store review take for AI-built apps?
The surge in vibe-coded submissions has increased review times. Apple's historical baseline is 24–48 hours, but developers reported waits of 7–30+ days during March 2026 at peak submission volume. Submitting a clean, well-documented app with complete metadata and demo credentials can help speed up the process.